Summary

The impact of OpenSSL security advisory secadv_20140506.txt on BoKS Desktop 6.6

Issue Desciption

On Aug 6, 2014, OpenSSL published new versions 0.9.8zb, 1.0.0n and 1.0.1i of the OpenSSL library to remediate a number of different CVEs described in https://www.openssl.org/news/secadv_20140806.txt.

Fox Technologies has performed an analysis of these vulnerabilities and found that the following issue has some impact on BoKS Desktop version 6.6:

  • CVE-2014-3509 Race condition in ssl_parse_serverhello_tlsext

Resolution / Workaround

Fox Technologies recommends that you install hotfixes to update the versions of OpenSSL included in the following programs:

BoKS Desktop 6.6 x64

Install hotfix dt66x64Hotfix15Case140812-015054.msi, available from the customer support portal. This hotfix updates the OpenSSL version included from 1.0.0m to 1.0.0n.

BoKS Desktop 6.6 x86 Biometric Edition

Install hotfix dt66x86BIOHotfix8Case140812-015054.msi, available from the customer support portal. This hotfix updates the OpenSSL version included from 1.0.0m to 1.0.0n.


Still have questions? We can help. Submit a case to Technical Support.

Last Modified On: June 28, 2019